SQL injection
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offerview action...
CVE-2007-4505
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action...
CVE-2007-4505
The CVE-2007-4505 entry describes a SQL injection in Mambo’s RemoSitory component (com_remository) within index.php, exploitable via the cat parameter in a selectcat action to execute arbitrary SQL. Affected software is Mambo with the RemoSitory component; the root cause is unsanitized/crafted in...
CVE-2007-4509
CVE-2007-4509 describes a SQL injection in Joomla!’s EventList component (com_eventlist) versions 0.8 and earlier. The vulnerability arises in the index.php file when processing the details action with the did parameter, allowing remote attackers to execute arbitrary SQL commands. Impact and remed...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styltop, (2) urleintrag, or (3) stylthemen parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF)...
CVE-2007-4483
CVE-2007-4483 affects the WordPress Classic theme (1.5) prior to WordPress 2.1.3. The issue is a cross-site scripting (XSS) flaw in index.php via PATH_INFO (PHP_SELF). Impact: remote attackers can inject arbitrary web script or HTML. Remediation: update the WordPress Classic theme (or apply the fi...
WordPress Sirius Theme <= 1.0 - XSS
Because of this vulnerability in index.php, attackers can inject arbitrary web script or HTML via PATH_INFO. Solution: Update the theme...
WordPress Pool Theme <= 1.0.7 - XSS
Because of this vulnerability in index.php, attackers can inject arbitrary web script or HTML via PATH_INFO. Solution: Update the theme...
CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2007-4359
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action...
Design/Logic Flaw
index.php in Ryan Haudenschilt Family Connections FCMS before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcmsloginid cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvdconfigfile parameter...
CVE-2007-4329
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to (1) index.php, (2) news.php, or (3) feed.php...
CVE-2007-4325
Gaestebuch 1.5 is affected by a PHP remote file inclusion in index.php triggered by a URL in the config[root_ordner] parameter. The underlying issue is that a user-supplied path is used in a context that allows inclusion of arbitrary PHP code, enabling remote code execution. The vulnerability aff...
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
CVE-2007-4175
Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters...
SQL injection
SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter...